I've been able to set up a TN3270 sever as a separate task and successfully put both secured and non-secured telnet in the same server. In the telnet parms you can define setup for port 23 (non-secured) and port 992 (TLS/SSL) secured. You also have to have the SSL task running (GSKSRVR) - I'm presuming you know that. The reason behind the dual ports for now is that the desktop client currently in use does not support TLS/SSL for 3270 terminals; on VT100/VT220 emulation. We are upgrading the client to a version that does support 3270 emulation using TLS/SSL but it will be phased in. The 2 port setup allows us to do so simply by changing the client sessions to point to one or the other ports and the security type until all desktops are upgraded. For testing, the Equifax certificate was put into the z/OS side using gskkyman utility; public keys were generated with the utility and the handshake/exchange was done on the 1st attachment of the client. This way, as long as you have control over the TN3270 emulation client you're testing with, you can validate and test using the same TN3270 task. There is a good example in Appendix D of the Comm. Server for z/OS v1R7 TCP/IP Implementation, Volume 2 (Redbook).
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
